Consider avoid undefined array key error

  • Resolved Brandon Zhang

    (@heybran)


    2 months, 4 weeks ago

    Hi there,

    This is not a request for support, I’m opening the issue hoping that plugin authors might consider in future versions, to update codes to avoid undefined array key error.

    FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined array key "ne" in /plugins/newsletter/subscription/subscription.php on line 667

    While reviewing the error logs on one of our sites, we saw quite a long list of this errors being printed into the log, it was caused by attacker trying to send a POST request like /?action=tnp&na=sa HTTP/1.0 , and this line of code in the plugin $data->email = $posted['ne']; will generate the undefined array key error.

    It would be great to have this improved in upcoming release of the plugins.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stefano Lissa

    (@satollo)

    2 months, 4 weeks ago

    Hi, thank you for reporting I’ll add the ?? operator on next version. BTW the ‘ne’ parameter should not be missing on the posted values. If it is no present an error should be triggered during the data validation.

    Thread Starter Brandon Zhang

    (@heybran)

    2 months, 3 weeks ago

    Hi Stefano,

    Thanks for getting back to me so quick. The error was found in our server logs while we’re reviewing an ongoing attacks on the website.

    Sounds lovely, we’ll update the plugin as soon as the new version is out.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.